CyDR defence industry ICT accreditation and risk balance case processes

Cyber Defence and Risk (CyDR) defence industry ICT accreditation and risk balance case (RBC) processes.

CyDR service

CyDR provides a range of support to defence and its industry partners in the area of information assurance (IA), including:

  • oversight, tracking and provision of management information for all defence accreditation activity
  • advice and guidance on the subject of accreditation
  • assessment of evidence submitted in support of the accreditation process; e.g. risk management accreditation document sets (RMADS) and security operating procedures (SyOPs)
  • final sign-off and provision of a certificate and letter of accreditation
  • progression and review of risk balance cases (RBC) prior to sign-off by Ministry of Defence (MOD) Senior Information Risk Owner (SIRO)


Accreditation confirms that information and communication technology (ICT) systems embody appropriate security to allow MOD information to be stored and processed with an acceptable level of risk.

The Defence Assurance Risk Tool (DART), which can be accessed by anyone who possesses connectivity to the Restricted LAN Interconnect (RLI), must be used to register all ICT systems owned or used by MOD industry partners, where those systems are processing MOD owned information. These ICT systems must be accredited before use and subsequently have their security managed thereafter.

The authorities responsible for the systems requiring accreditation must ensure that this accreditation is obtained before storing or processing MOD information.

CyDR is the sponsor of the accreditation process for MOD, providing support and advice and overseeing accreditation activity across defence. The system, or a subset of a system, requiring accreditation is known as a target of assurance (TOA).

All requests to accredit ICT are processed through the Defence Assurance Risk Tool (DART), which enables the tracking of TOAs and the provision of management information.

The DART methodology includes a triage process that takes account of risk and assigns one of the following assessment paths:

  • CyDR assessment (known as ‘Red Channel’)
  • MOD Top Level Budget Holder accreditor assessment (‘Amber Channel’)
  • self assessment and provision of evidence to CyDR (‘Green Channel’)

Accreditation requires the provision of evidence and approval through the Cyber Defence and Risk (CyDR) team or delegated authority processes and will result in a DART generated certificate and letter.

The requirement to register systems for accreditation through DART is specified within Industry Security Notice (ISN) 2017/01.

Risk balance cases

Where circumstances dictate that it is necessary to carry out action that is outside of the scope of standard policy, an risk balance cases (RBC) must be raised. As with accreditation, all RBCs are registered through DART, providing the user is able to connect to the RLI.

RBCs are divided into 2 main categories:

  • movements: involving the transfer of information between various locations; these were formerly referred to as ‘Fast Tracks’
  • information: all other RBCs (previously called ‘Supp 12’s’)

The generic pathway for an RBC is:

  • initial triage by CyDR to determine who needs to be involved
  • review and comment by nominated stakeholders; e.g. the Network Technical Authority or local security staff.
  • review and comment by a CyDR accreditor
  • a final assessment by the CyDR RBC lead
  • approval by MOD SIRO or delegated authority

Start accrediting your ICT system or registering an RBC

If you have access to the RLI, you can contact and request a link to DART.

If you do not have access to the RLI, you will not be able to access DART directly. In this circumstance:

  1. Save a copy of the relevant CyDR accreditation request or off-line RBC form to a suitable location.
  2. Remember that information categorised as OFFICIAL-SENSITIVE or above must not be transmitted in clear over the internet.
  3. Post the completed accreditation request forms to:

Service Delivery Team
CyDR, Room X007
Bazalgette Pavilion,
RAF Wyton
PE28 2EA

Get advice and guidance on the accreditation or RBC processes in general.

Email our customer support team at

Joint Security Co-ordination Centre

The Joint Security Co-ordination (JSyCC) enables ‘defence information assurance’ assessment through the conduct and coordination of MOD information security incident management and related risk analysis activity.

Additionally, it is a focal point for ‘information security alerts’ and associated ‘warning and response’ activities.

JSyCC are responsible for:

  • operational co-ordination and management of the immediate response, warning and reporting, including the investigative oversight and follow-up actions, for all reported defence information assurance/information security incidents involving the loss, compromise or leakage of protectively marked official information and/or equipment
  • operational information security risk management, trend analysis and related policy. This includes the management of the MOD Information Security Incident Reporting Scheme (MISIRS) and supporting database, together with the drafting of responses to Parliamentary Questions, Freedom of Information (FOI) requests etc
  • the provision of the defence industry warning and reporting point (WARP) responsible for the coordination of the response and management of all defence industry information security incidents, including List X
  • the coordination of all law enforcement and counter intelligence for information security incidents

Contact details

If you want to know more about JSyCC, use the contact details below:

X017, Bazelgette Pavilion
RAF Wyton
Cambs, PE28 2EA

Point of Contact: JSyCC Ops 0306 770 2187

JSyCC Duty Officer (out of hours) 07768 558 863


Published 12 December 2012
Last updated 8 December 2021 + show all updates
  1. Updated the email address under 'Start accrediting your ICT system or registering an RBC'.

  2. Updated organisation name throughout page.

  3. Guidance has been updated with further contact details.

  4. Updated DAIS information.

  5. Added updated information on DAIS defence industry ICT accreditation.

  6. Updated contact details.

  7. Updated DAIS content.

  8. Updated name of organisation to Defence Assurance and Information Security (DAIS).

  9. Updated contact details

  10. New form added

  11. First published.